CVE-2017-20261

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.